Page 1 of 3 123 LastLast
Results 1 to 10 of 21
  1. #1
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default New Feature we believe would be a *Major* selling point

    Hello,

    Thank you for such a wonderful product. We really enjoy Untangle and have signed up as a new MSP. Dave came down to our offices and we had lunch. He is great to work with. We have a few suggestions we believe would improve the product, and he suggested that we post them here.

    There are many security products out there that do intrusion prevention, but not many of them guard against dictionary attacks. Most of our clients have Microsoft Exchange servers (Outlook Web Access) and Citrix (web Interface) servers that have ports 80/443 open to the Internet. While firewalls protect against ports, they don't protect from dictionary attacks against logon.

    It would be great if Untangle sensed excessive logons to common web-interface applications - like Exchange Outlook Webaccess. We could set a threshold and then block, etc. We believe this would be the *killer* feature of the product. I can tell you right now that I could sell two dozen Untangle boxes by the end of the year if you had this feature now. It's an easy sell.

    Example: "Mr. Customer. Firewall used to be enough, but now dictionary attacks are at an all time high. You need advanced layer 7 protection", etc etc. Point at their Outlook Webaccess page and ask them what it would mean if they were compromised. Done deal.

    I suggest making this feature part of the professional package. Making it easier to leverage the package.
    Last edited by far182; 09-11-2008 at 01:51 PM.

  2. #2
    Master Untangler Lee Sharp's Avatar
    Join Date
    Feb 2008
    Location
    Houston, TX
    Posts
    391

    Default

    fail2ban can do this, and is installable into Untangle. If you have some way to get remote logs to the Untangle box, and configure fail2ban to use them, you can do this now. Not trivial, I know, but amazingly powerful.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Or configure Exchange to lock the account after x failed logins... I believe Exchange 2007 does this by default at 3 attempts. This sort of thing is usually best done by the service itself.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untanglit luttermann's Avatar
    Join Date
    Jul 2008
    Posts
    17

    Default

    But if you set Exchange/Active Directory to lock the account then you'll only end up with irate user..... not to mention that the admin has to unlock the account again.

    Maybe expand Attack Blocker to be able to do this, so after X number of connections within Y time on port Z from the same ip it will block the ip for XX minutes instead of "just" slowing it down?
    Last edited by luttermann; 09-12-2008 at 06:44 AM.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    No my OWA just prevents remote login, if you really want to defend OWA you force the client to use a VPN.

    Still a fully aware layer 7 defensive system for IIS/Apache/Whatever would be nice. I think most of this is in place...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Sep 2008
    Posts
    6

    Default

    This would be an excellent feature. I've seen many Exchange (and other mail servers') logs fill up with spammers trying to hack pop3 and smtp accounts using obvious lists of names. Please add this feature.

  7. #7
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    //nods

    This would be a great feature.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Perhaps now I should point out that the pop3 and imap connectors are considered depreciated and will not be present in the next version of Exchange?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Master Untangler Lee Sharp's Avatar
    Join Date
    Feb 2008
    Location
    Houston, TX
    Posts
    391

    Default

    Quote Originally Posted by Lee Sharp View Post
    fail2ban can do this, and is installable into Untangle. If you have some way to get remote logs to the Untangle box, and configure fail2ban to use them, you can do this now. Not trivial, I know, but amazingly powerful.
    Crank your OWA logs to a syslog server. (On untangle or mounted from untangle) Point fail2ban at those logs. Tell fail2ban what to look for. Watch the magic. Anyone want to make this a plugin?

  10. #10
    Untangler
    Join Date
    Mar 2008
    Location
    The Netherlands
    Posts
    80

    Default

    Quote Originally Posted by sky-knight View Post
    Perhaps now I should point out that the pop3 and imap connectors are considered depreciated and will not be present in the next version of Exchange?
    Dropping POP3 I understand, IMAP I do not. required service imho.
    Our Current Platform [INACTIVE Until further notice - finally in a new building!]
    ---------------------------------
    Intel Desktop Board type D865GVHZ + Intel P4 3.0Ghz HT, 2GB Dual-channel RAM, 40GB HDD, 3x3Com 309x 10/100 PCI, 3Mbit 4 to 1 Business Cable, roughly 500 users and 220 machines and growing.
    ---------------------------------
    Please make use of the Untangle Bugzilla to vote for and report issues/requests!!

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2